[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Tue Sep 24 09:32:02 CEST 2013
The branch, master has been updated
via f4ff81f dbcheck: Add back the elements that were wrongly removed from CN=Deleted Objects
via d787f7a pydsdb: Raise a more useful exception when dsdb_wellknown_dn fails.
via 51101b3 pydsdb: Give KeyError when we fail a schema lookup in python
via bcd535e dbcheck: Ensure to always increase the error_count
via 658fbef libsmbconf:registry: add "state directory" to the list of forbidden parameters
via 7cfab6b selftest: include "state directory" in invalid parameters in registry roundtrip test
via 11ca7d9 selftest: add "state directory" to the forbidden parameters test in net conf
via 21be539 selftest: add regression test for setting invalid parameters in registry config via "net [rpc] conf"
via dc222d8 selftest: update SED_INVALID_PARAMS in the registry.roundtrip test
via 8d67082 selftest: remove unused variables (copy'n'paste...) from test_net_conf.sh
via 1d9f281 s3:net conf: add the same parameter checks to "setparm" as in "net rpc conf".
via d16c2aa s3:net: check for GLOBAL_NAME net_conf_param_valid()
via f7cf09e s3:net rpc conf: factor validation of parameter out for re-use.
via 349bcaf s3:net rpc conf: rename canon_valname->canon_param_name for clarity in setparm.
via a00f97a s3:net rpc conf: setparm: introduce variables service_name, param_name, valstr for clarity
via 3e53097 s3:net rpc conf: reorganize the validity check and canonicalization of the input in "setparm"
via 429ab4e libsmbconf:registry: clarify the appearance of "includes" in forbidden_names
via 76a008c libsmbconf:registry: reorganize the validity check and canonicalization of the input in "setparm"
via b7db29e s3:net rpc conf: print the provided parameter name on error, not the canonicalized one
via bceb345 s3:net rpc conf: remove the (now) unused rpc_conf_reg_valname_forbidden()
via 0c4e5fc s3:net rpc conf: use the published smbconf_reg_parameter_is_valid()
via c1be069 libsmbconf:registry: publish smbconf_reg_parameter_is_valid()
via 4a65969 libsmbconf:registry: rework smbconf_reg_parameter_forbidden(), renaming it.
from 5426e57 Fix DN RDN case in partition names
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f4ff81f5797c5dd8f562aec2cfec789272e739fd
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Sep 22 19:26:50 2013 -0700
dbcheck: Add back the elements that were wrongly removed from CN=Deleted Objects
This is the final part of the fix for the issue in Samba 4.1
pre-release tree where we would wrongly delete the Deleted Objects
container during a join.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Tue Sep 24 09:31:37 CEST 2013 on sn-devel-104
commit d787f7af4979ed80aad07db928d1ae84eaaef35a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Sep 22 19:26:10 2013 -0700
pydsdb: Raise a more useful exception when dsdb_wellknown_dn fails.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 51101b310adedb4eeb4c4382e631594ffa679ff2
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Sep 22 17:45:01 2013 -0700
pydsdb: Give KeyError when we fail a schema lookup in python
This allows sensible exception handling.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit bcd535e95c5e8f83f6b30264ab1f0de3c6ac2cda
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Sep 22 17:07:22 2013 -0700
dbcheck: Ensure to always increase the error_count
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 658fbefef7f95df6410f98407a6a77dee32c268f
Author: Michael Adam <obnox at samba.org>
Date: Tue Sep 17 19:10:48 2013 +0200
libsmbconf:registry: add "state directory" to the list of forbidden parameters
At the time when the registry configuration was introduced,
the registry database file was placed in the "lock directory".
So the "lock directory" was added to the list of parameters
that may not be changed in the registry configuration
(because the next config reload would then load a different
registry and drop all the original seetings).
Later, "state directory" and "cache directory" were introduced,
both defaulting to "lock directory". And the registry's location
was changed to "state directory".
It slipped my attention that the forbidden parameters for the
should have been adapted at the time.
So this patch adds "state directory" to the list.
It keeps the lock directory, to catch the case
where the state directory is not explicitly set, hence
defaulting to the "lock directory".
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7cfab6bc8d340c08c513350823c6c65a7e4f5d2e
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 03:03:41 2013 +0200
selftest: include "state directory" in invalid parameters in registry roundtrip test
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 11ca7d9d606edd0b70d14a768528f63b3a9f8a30
Author: Michael Adam <obnox at samba.org>
Date: Sat Sep 21 22:38:31 2013 +0200
selftest: add "state directory" to the forbidden parameters test in net conf
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 21be539590b7af40ea8af7301cd539f6433a8928
Author: Michael Adam <obnox at samba.org>
Date: Sat Sep 21 22:34:31 2013 +0200
selftest: add regression test for setting invalid parameters in registry config via "net [rpc] conf"
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dc222d8b94301272ccdef21516bd6e3fe7df669c
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 03:06:12 2013 +0200
selftest: update SED_INVALID_PARAMS in the registry.roundtrip test
and add an explaining comment.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8d67082adb8b212a29b5710a6aa56e820d75a611
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 03:02:51 2013 +0200
selftest: remove unused variables (copy'n'paste...) from test_net_conf.sh
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1d9f2815433f8fe0885f672fa8bc490638809c00
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 10:00:55 2013 +0200
s3:net conf: add the same parameter checks to "setparm" as in "net rpc conf".
In "net rpc conf" these checks are necessary, since the that command
uses the plain rpc-registry interface at this moment, and so unfortunately
it has to duplicate the checks from the smbconf library.
Since "net conf" uses the registry, these checks are not necessary in
this command. I add them nonetheless to make the output more similar
to "net rpc conf". It is also a little more user friendy than just
printing "INVALID_PARAMETER" as handed back from libsmbconf.
Implement these checks by calling the new net_conf_param_valid() function.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d16c2aabd7c46f3d294e2401ad1ee4685486cd4b
Author: Michael Adam <obnox at samba.org>
Date: Tue Sep 24 06:43:03 2013 +0200
s3:net: check for GLOBAL_NAME net_conf_param_valid()
instead of checking for literal "global"
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f7cf09e661734744163c96c214892558b3d004e5
Author: Michael Adam <obnox at samba.org>
Date: Tue Sep 24 06:38:09 2013 +0200
s3:net rpc conf: factor validation of parameter out for re-use.
This goes into a new module net_conf_util to be shared
between net conf and net rpc conf.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 349bcafe09b6ae0ccd2ddc4acef2fd4c48dbc45d
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 09:59:19 2013 +0200
s3:net rpc conf: rename canon_valname->canon_param_name for clarity in setparm.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a00f97a392463e53f091e10aed06b59836824d32
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 09:11:55 2013 +0200
s3:net rpc conf: setparm: introduce variables service_name, param_name, valstr for clarity
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3e5309768931629da555d0ea1b236913f4cc3484
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 08:26:47 2013 +0200
s3:net rpc conf: reorganize the validity check and canonicalization of the input in "setparm"
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 429ab4ed02e2ef0887e92942987e5702022c8a7f
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 08:54:30 2013 +0200
libsmbconf:registry: clarify the appearance of "includes" in forbidden_names
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 76a008cd1827d0563c42dbef433e35ce5ee6a041
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 08:47:14 2013 +0200
libsmbconf:registry: reorganize the validity check and canonicalization of the input in "setparm"
- first check that the name is an smbconf parameter
- then check that the parameter is allowed in the registry config
- then check that a global parameter is not to be set in a service section
- then canonicalize the parameter and value name, thereby checking that the
value has valid format
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b7db29eb2a224068282f9dd38502a147c2df5712
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 07:51:05 2013 +0200
s3:net rpc conf: print the provided parameter name on error, not the canonicalized one
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bceb34543e68306ad7cf69894302682e916b2325
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 03:45:28 2013 +0200
s3:net rpc conf: remove the (now) unused rpc_conf_reg_valname_forbidden()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0c4e5fcc536723ac2e3c55273fc50d1727e91d0f
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 03:44:58 2013 +0200
s3:net rpc conf: use the published smbconf_reg_parameter_is_valid()
Instead of the duplicated rpc_conf_reg_valname_forbidden()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c1be069be94b71c1d85471314c0971bd091af194
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 10:27:38 2013 +0200
libsmbconf:registry: publish smbconf_reg_parameter_is_valid()
So that this does not need to be duplicated..
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4a65969e11d3bc7da62afec82de9f6d51d5e6a08
Author: Michael Adam <obnox at samba.org>
Date: Sun Sep 22 03:39:48 2013 +0200
libsmbconf:registry: rework smbconf_reg_parameter_forbidden(), renaming it.
The logic is inverted, the lp_parameter_is_invalid call of
smbconf_reg_valname_valid() is included, and the function
is renamed to smbconf_reg_parameter_is_valid().
Use the new function everywhere in smbconf registry backend.
And remove corresponding reverse function smbconf_reg_valname_valid().
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/dbchecker.py | 67 ++++++++++++++++
source3/lib/smbconf/smbconf_reg.c | 74 ++++++++++-------
source3/lib/smbconf/smbconf_reg.h | 5 +
source3/script/tests/test_net_conf.sh | 69 ++++++++++++-----
.../script/tests/test_net_registry_roundtrip.sh | 19 ++---
source3/utils/net_conf.c | 5 +
source3/utils/net_conf_util.c | 69 ++++++++++++++++
.../smbconf_txt.h => source3/utils/net_conf_util.h | 26 +++---
source3/utils/net_rpc_conf.c | 84 +++++--------------
source3/wscript_build | 1 +
source4/dsdb/pydsdb.c | 21 +++--
11 files changed, 295 insertions(+), 145 deletions(-)
create mode 100644 source3/utils/net_conf_util.c
copy lib/smbconf/smbconf_txt.h => source3/utils/net_conf_util.h (62%)
Changeset truncated at 500 lines:
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index ee8b5ae..4281e6b 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -62,6 +62,7 @@ class dbcheck(object):
self.move_to_lost_and_found = False
self.fix_instancetype = False
self.fix_replmetadata_zero_invocationid = False
+ self.fix_deleted_deleted_objects = False
self.reset_well_known_acls = reset_well_known_acls
self.reset_all_well_known_acls = False
self.in_transaction = in_transaction
@@ -100,6 +101,21 @@ class dbcheck(object):
else:
self.write_ncs = None
+ res = self.samdb.search(base="", scope=ldb.SCOPE_BASE, attrs=['namingContexts'])
+ try:
+ ncs = res[0]["namingContexts"]
+ self.deleted_objects_containers = []
+ for nc in ncs:
+ try:
+ dn = self.samdb.get_wellknown_dn(ldb.Dn(self.samdb, nc),
+ dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER)
+ self.deleted_objects_containers.append(dn)
+ except KeyError:
+ pass
+ except KeyError:
+ pass
+ except IndexError:
+ pass
def check_database(self, DN=None, scope=ldb.SCOPE_SUBTREE, controls=[], attrs=['*']):
'''perform a database check, returning the number of errors found'''
@@ -878,6 +894,51 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
self.report("Fixed attribute '%s' of '%s'\n" % (attr, dn))
+ def is_deleted_deleted_objects(self, obj):
+ faulty = False
+ if "description" not in obj:
+ self.report("ERROR: description not present on Deleted Objects container %s" % obj.dn)
+ faulty = True
+ if "showInAdvancedViewOnly" not in obj:
+ self.report("ERROR: showInAdvancedViewOnly not present on Deleted Objects container %s" % obj.dn)
+ faulty = True
+ if "objectCategory" not in obj:
+ self.report("ERROR: objectCategory not present on Deleted Objects container %s" % obj.dn)
+ faulty = True
+ if "isCriticalSystemObject" not in obj:
+ self.report("ERROR: isCriticalSystemObject not present on Deleted Objects container %s" % obj.dn)
+ faulty = True
+ if "isRecycled" in obj:
+ self.report("ERROR: isRecycled present on Deleted Objects container %s" % obj.dn)
+ faulty = True
+ return faulty
+
+
+ def err_deleted_deleted_objects(self, obj):
+ nmsg = ldb.Message()
+ nmsg.dn = dn = obj.dn
+
+ if "description" not in obj:
+ nmsg["description"] = ldb.MessageElement("Container for deleted objects", ldb.FLAG_MOD_REPLACE, "description")
+ if "showInAdvancedViewOnly" not in obj:
+ nmsg["showInAdvancedViewOnly"] = ldb.MessageElement("TRUE", ldb.FLAG_MOD_REPLACE, "showInAdvancedViewOnly")
+ if "objectCategory" not in obj:
+ nmsg["objectCategory"] = ldb.MessageElement("CN=Container,%s" % self.schema_dn, ldb.FLAG_MOD_REPLACE, "objectCategory")
+ if "isCriticalSystemObject" not in obj:
+ nmsg["isCriticalSystemObject"] = ldb.MessageElement("TRUE", ldb.FLAG_MOD_REPLACE, "isCriticalSystemObject")
+ if "isRecycled" in obj:
+ nmsg["isRecycled"] = ldb.MessageElement("TRUE", ldb.FLAG_MOD_DELETE, "isRecycled")
+
+ if not self.confirm_all('Fix Deleted Objects container %s by restoring default attributes?'
+ % (dn), 'fix_deleted_deleted_objects'):
+ self.report('Not fixing missing/incorrect attributes on %s\n' % (dn))
+ return
+
+ if self.do_modify(nmsg, ["relax:0"],
+ "Failed to fix Deleted Objects container %s" % dn):
+ self.report("Fixed Deleted Objects container '%s'\n" % (dn))
+
+
def is_fsmo_role(self, dn):
if dn == self.samdb.domain_dn:
return True
@@ -1046,6 +1107,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
if str(attrname).lower() == "instancetype":
calculated_instancetype = self.calculate_instancetype(dn)
if len(obj["instanceType"]) != 1 or obj["instanceType"][0] != str(calculated_instancetype):
+ error_count += 1
self.err_wrong_instancetype(obj, calculated_instancetype)
show_dn = True
@@ -1095,6 +1157,11 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
else:
raise
+ if dn in self.deleted_objects_containers and '*' in attrs:
+ if self.is_deleted_deleted_objects(obj):
+ self.err_deleted_deleted_objects(obj)
+ error_count += 1
+
return error_count
################################################################
diff --git a/source3/lib/smbconf/smbconf_reg.c b/source3/lib/smbconf/smbconf_reg.c
index ec6b93f..ac6b84d 100644
--- a/source3/lib/smbconf/smbconf_reg.c
+++ b/source3/lib/smbconf/smbconf_reg.c
@@ -50,34 +50,41 @@ static struct reg_private_data *rpd(struct smbconf_ctx *ctx)
return (struct reg_private_data *)(ctx->data);
}
-/*
- * check whether a given value name is forbidden in registry (smbconf)
+/**
+ * Check whether a given parameter name is valid in the
+ * smbconf registry backend.
*/
-static bool smbconf_reg_valname_forbidden(const char *valname)
+bool smbconf_reg_parameter_is_valid(const char *param_name)
{
/* hard code the list of forbidden names here for now */
- const char *forbidden_valnames[] = {
+ const char *forbidden_names[] = {
+ "state directory",
"lock directory",
"lock dir",
"config backend",
"include",
- "includes", /* this has a special meaning internally */
+ /*
+ * "includes" has a special meaning internally.
+ * It is currently not necessary to list it here since it is
+ * not a valid parameter. But for clarity and safety, we keep
+ * it for now.
+ */
+ INCLUDES_VALNAME,
NULL
};
const char **forbidden = NULL;
- for (forbidden = forbidden_valnames; *forbidden != NULL; forbidden++) {
- if (strwicmp(valname, *forbidden) == 0) {
- return true;
+ if (!lp_parameter_is_valid(param_name)) {
+ return false;
+ }
+
+ for (forbidden = forbidden_names; *forbidden != NULL; forbidden++) {
+ if (strwicmp(param_name, *forbidden) == 0) {
+ return false;
}
}
- return false;
-}
-static bool smbconf_reg_valname_valid(const char *valname)
-{
- return (!smbconf_reg_valname_forbidden(valname) &&
- lp_parameter_is_valid(valname));
+ return true;
}
/**
@@ -174,24 +181,15 @@ static sbcErr smbconf_reg_set_value(struct registry_key *key,
const char *canon_valname;
const char *canon_valstr;
- if (!lp_canonicalize_parameter_with_value(valname, valstr,
- &canon_valname,
- &canon_valstr))
- {
- if (canon_valname == NULL) {
- DEBUG(5, ("invalid parameter '%s' given\n",
- valname));
- } else {
- DEBUG(5, ("invalid value '%s' given for "
- "parameter '%s'\n", valstr, valname));
- }
+ if (!lp_parameter_is_valid(valname)) {
+ DEBUG(5, ("Invalid parameter '%s' given.\n", valname));
err = SBC_ERR_INVALID_PARAM;
goto done;
}
- if (smbconf_reg_valname_forbidden(canon_valname)) {
+ if (!smbconf_reg_parameter_is_valid(valname)) {
DEBUG(5, ("Parameter '%s' not allowed in registry.\n",
- canon_valname));
+ valname));
err = SBC_ERR_INVALID_PARAM;
goto done;
}
@@ -208,12 +206,26 @@ static sbcErr smbconf_reg_set_value(struct registry_key *key,
lp_parameter_is_global(valname))
{
DEBUG(5, ("Global parameter '%s' not allowed in "
- "service definition ('%s').\n", canon_valname,
+ "service definition ('%s').\n", valname,
subkeyname));
err = SBC_ERR_INVALID_PARAM;
goto done;
}
+ if (!lp_canonicalize_parameter_with_value(valname, valstr,
+ &canon_valname,
+ &canon_valstr))
+ {
+ /*
+ * We already know the parameter name is valid.
+ * So the value must be invalid.
+ */
+ DEBUG(5, ("invalid value '%s' given for parameter '%s'\n",
+ valstr, valname));
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+
ZERO_STRUCT(val);
val.type = REG_SZ;
@@ -456,7 +468,7 @@ static sbcErr smbconf_reg_get_values(TALLOC_CTX *mem_ctx,
{
char *valstring;
- if (!smbconf_reg_valname_valid(valname)) {
+ if (!smbconf_reg_parameter_is_valid(valname)) {
continue;
}
@@ -1008,7 +1020,7 @@ static sbcErr smbconf_reg_get_parameter(struct smbconf_ctx *ctx,
goto done;
}
- if (!smbconf_reg_valname_valid(param)) {
+ if (!smbconf_reg_parameter_is_valid(param)) {
err = SBC_ERR_INVALID_PARAM;
goto done;
}
@@ -1053,7 +1065,7 @@ static sbcErr smbconf_reg_delete_parameter(struct smbconf_ctx *ctx,
goto done;
}
- if (!smbconf_reg_valname_valid(param)) {
+ if (!smbconf_reg_parameter_is_valid(param)) {
err = SBC_ERR_INVALID_PARAM;
goto done;
}
diff --git a/source3/lib/smbconf/smbconf_reg.h b/source3/lib/smbconf/smbconf_reg.h
index 2c49057..a3f343f 100644
--- a/source3/lib/smbconf/smbconf_reg.h
+++ b/source3/lib/smbconf/smbconf_reg.h
@@ -29,5 +29,10 @@ struct smbconf_ctx;
sbcErr smbconf_init_reg(TALLOC_CTX *mem_ctx, struct smbconf_ctx **conf_ctx,
const char *path);
+/**
+ * Check whether a given parameter name is valid in the
+ * smbconf registry backend.
+ */
+bool smbconf_reg_parameter_is_valid(const char *param_name);
#endif /* _LIBSMBCONF_REG_H_ */
diff --git a/source3/script/tests/test_net_conf.sh b/source3/script/tests/test_net_conf.sh
index 6d3d2a1..a81b21e 100755
--- a/source3/script/tests/test_net_conf.sh
+++ b/source3/script/tests/test_net_conf.sh
@@ -42,25 +42,6 @@ incdir=`dirname $0`/../../../testprogs/blackbox
failed=0
-SED_INVALID_PARAMS="{
-s/lock directory/;&/g
-s/lock dir/;&/g
-s/modules dir/;&/g
-s/logging/;&/g
-s/status/;&/g
-s/logdir/;&/g
-s/read prediction/;&/g
-s/mkprofile/;&/g
-s/valid chars/;&/g
-s/timesync/;&/g
-s/sambaconf/;&/g
-s/logtype/;&/g
-s/servername/;&/g
-s/postscript/;&/g
-}"
-
-REGPATH="HKLM\Software\Samba"
-
log_print() {
RC=$?
echo "CMD: $*" >>$LOG
@@ -441,6 +422,52 @@ test_conf_setparm_existing()
fi
}
+test_conf_setparm_forbidden()
+{
+ FORBIDDEN_PARAMS="state directory
+lock directory
+lock dir
+config backend
+include"
+
+ echo '\nTrying to set forbidden parameters' >> $LOG
+
+ echo '\nDropping existing configuration' >> $LOG
+ $NETCMD conf drop
+ log_print $NETCMD conf drop
+ test "x$?" = "x0" || {
+ echo 'ERROR: RC does not match, expected: 0' | tee -a $LOG
+ return 1
+ }
+
+ OLD_IFS="$IFS"
+ IFS='
+'
+ for PARAM in $FORBIDDEN_PARAMS ; do
+ IFS="$OLD_IFS"
+ echo "Trying to set parameter '$PARAM'" | tee -a $LOG
+ $NETCMD conf setparm global "$PARAM" "value" > $DIR/setparm_forbidden_out 2>&1
+ log_print $NETCMD conf setparm global \""$PARAM"\" "value"
+ test "x$?" = "x0" && {
+ echo "ERROR: setting forbidden parameter '$PARAM' succeeded" | tee -a $LOG
+ return 1
+ }
+
+ echo "output of net command: " | tee -a $LOG
+ cat $DIR/setparm_forbidden_out | tee -a $LOG
+
+ SEARCH="Parameter '$PARAM' not allowed in registry."
+ grep "$SEARCH" $DIR/setparm_forbidden_out >/dev/null 2>>$LOG
+ test "x$?" = "x0" || {
+ echo "ERROR: expected '$SEARCH'" | tee -a $LOG
+ return 1
+ }
+ done
+
+ IFS="$OLD_IFS"
+ return 0
+}
+
test_conf_setparm_usage()
{
echo '\nChecking usage' >>$LOG
@@ -903,6 +930,10 @@ CONF_FILES=$SERVERCONFFILE
test_conf_setparm_existing \
|| failed=`expr $failed + 1`
+ testit "conf_setparm_forbidden" \
+ test_conf_setparm_forbidden \
+ || failed=`expr $failed + 1`
+
testit "conf_setparm_usage" \
test_conf_setparm_usage \
|| failed=`expr $failed + 1`
diff --git a/source3/script/tests/test_net_registry_roundtrip.sh b/source3/script/tests/test_net_registry_roundtrip.sh
index f215887..6d24d34 100755
--- a/source3/script/tests/test_net_registry_roundtrip.sh
+++ b/source3/script/tests/test_net_registry_roundtrip.sh
@@ -32,21 +32,16 @@ incdir=`dirname $0`/../../../testprogs/blackbox
failed=0
+#
+# List of parameters to skip when importing configuration files:
+# They are forbidden in the registry and would lead import to fail.
+#
SED_INVALID_PARAMS="{
+s/state directory/;&/g
s/lock directory/;&/g
s/lock dir/;&/g
-s/modules dir/;&/g
-s/logging/;&/g
-s/status/;&/g
-s/logdir/;&/g
-s/read prediction/;&/g
-s/mkprofile/;&/g
-s/valid chars/;&/g
-s/timesync/;&/g
-s/sambaconf/;&/g
-s/logtype/;&/g
-s/servername/;&/g
-s/postscript/;&/g
+s/config backend/;&/g
+s/include/;&/g
}"
REGPATH="HKLM\Software\Samba"
diff --git a/source3/utils/net_conf.c b/source3/utils/net_conf.c
index e43cd12..e8481b4 100644
--- a/source3/utils/net_conf.c
+++ b/source3/utils/net_conf.c
@@ -30,6 +30,7 @@
#include "includes.h"
#include "system/filesys.h"
#include "utils/net.h"
+#include "utils/net_conf_util.h"
#include "lib/smbconf/smbconf.h"
#include "lib/smbconf/smbconf_init.h"
#include "lib/smbconf/smbconf_reg.h"
@@ -788,6 +789,10 @@ static int net_conf_setparm(struct net_context *c, struct smbconf_ctx *conf_ctx,
}
value_str = argv[2];
+ if (!net_conf_param_valid(service,param, value_str)) {
+ goto done;
+ }
+
err = smbconf_transaction_start(conf_ctx);
if (!SBC_ERROR_IS_OK(err)) {
d_printf(_("error starting transaction: %s\n"),
diff --git a/source3/utils/net_conf_util.c b/source3/utils/net_conf_util.c
new file mode 100644
index 0000000..a188097
--- /dev/null
+++ b/source3/utils/net_conf_util.c
@@ -0,0 +1,69 @@
+/*
+ * Samba Unix/Linux SMB client library
+ * Distributed SMB/CIFS Server Management Utility
+ * Configuration interface
+ *
+ * Copyright (C) Michael Adam 2013
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * Utility functions for net conf and net rpc conf.
+ */
+
+#include "includes.h"
+#include "lib/smbconf/smbconf.h"
+#include "lib/smbconf/smbconf_reg.h"
+#include "lib/param/loadparm.h"
+#include "net_conf_util.h"
+
+bool net_conf_param_valid(const char *service,
+ const char *param,
+ const char *valstr)
+{
+ const char *canon_param, *canon_valstr;
+
+ if (!lp_parameter_is_valid(param)) {
+ d_fprintf(stderr, "Invalid parameter '%s' given.\n", param);
+ return false;
+ }
+
+ if (!smbconf_reg_parameter_is_valid(param)) {
+ d_fprintf(stderr, "Parameter '%s' not allowed in registry.\n",
+ param);
+ return false;
+ }
+
+ if (!strequal(service, GLOBAL_NAME) && lp_parameter_is_global(param)) {
+ d_fprintf(stderr, "Global parameter '%s' not allowed in "
+ "service definition ('%s').\n", param, service);
+ return false;
+ }
+
+ if (!lp_canonicalize_parameter_with_value(param, valstr,
+ &canon_param,
+ &canon_valstr))
+ {
+ /*
+ * We already know the parameter name is valid.
+ * So the value must be invalid.
+ */
+ d_fprintf(stderr, "invalid value '%s' given for "
+ "parameter '%s'\n", param, valstr);
+ return false;
+ }
+
+ return true;
+}
diff --git a/lib/smbconf/smbconf_txt.h b/source3/utils/net_conf_util.h
similarity index 62%
copy from lib/smbconf/smbconf_txt.h
copy to source3/utils/net_conf_util.h
index 72d6207..798b399 100644
--- a/lib/smbconf/smbconf_txt.h
+++ b/source3/utils/net_conf_util.h
@@ -1,7 +1,9 @@
/*
- * Unix SMB/CIFS implementation.
--
Samba Shared Repository
More information about the samba-cvs
mailing list